package com.nxk.modules.shiro;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;


/**
 * Shiro的配置类
 */
@Configuration
public class ShiroConfig {

    /**
     *  anon: 无需认证（登录）可以访问
     * 	authc: 必须认证才可以访问
     * 	user: 如果使用rememberMe的功能可以直接访问
     * 	perms： 该资源必须得到资源权限才可以访问
     * 	role: 该资源必须得到角色权限才可以访问
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        //退出登陆接口
        shiroFilterFactoryBean.setLoginUrl("/a/core/user/logout");
        //重新登录接口
	    shiroFilterFactoryBean.setLoginUrl("/a/core/user/refreshLogin");

        LinkedHashMap<String, String> filterMap = new LinkedHashMap();
        filterMap.put("/a/core/user/login", "anon");  //登陆接口
        filterMap.put("/a/core/file/fileUpload","anon");  //图片上传接口
        filterMap.put("/photo/**", "anon");   //图库接口
        filterMap.put("/a/core/menuRole/list","anon");   //查询权限接口1
        filterMap.put("/a/core/menuRole/list2","anon"); //查询权限接口2
        filterMap.put("/a/core/menuRole/list3","anon"); //查询权限接口3
        filterMap.put("/a/core/user/get","anon"); //登陆时查询用户接口
        filterMap.put("/a/core/user/savePersonal","anon"); //个人中心修改信息接口
        filterMap.put("/a/core/user/saveUserPassword","anon"); //个人中心修改信息接口
        filterMap.put("/a/core/param/getByKey", "anon");  //获取参数接口
        filterMap.put("/a/core/colunm/list", "anon");  //获取栏目列表

        filterMap.put("/a/content/index/count", "anon");  //统计数据接口

        filterMap.put("/web/api/*", "anon");  //前端官网接口

        filterMap.put("/a/**", "authc");


        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        return shiroFilterFactoryBean;
    }

    /**
     * 创建安全管理器
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("myRealm") MyRealm myRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联realm
        securityManager.setRealm(myRealm);
        //注入自定义sessionManager
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }


    /**
     * 自定义的Realm
     */
    @Bean(name = "myRealm")
    public MyRealm userRealm() {
        MyRealm myRealm = new MyRealm();
        myRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return myRealm;
    }


     /**
     * 凭证匹配器
     * @return
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        hashedCredentialsMatcher.setHashIterations(24);//加密24次
        return hashedCredentialsMatcher;
    }

    /**
     * Shiro生命周期处理器
     */
    @Bean
    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") DefaultWebSecurityManager securityManager){
        AuthorizationAttributeSourceAdvisor attributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        attributeSourceAdvisor.setSecurityManager(securityManager);
        return attributeSourceAdvisor;
    }

     //自定义sessionManager
    @Bean
    public SessionManager sessionManager() {
        return new CustomSessionManager();
    }




}
